(54) Fibre channel connection storage controller

(57) N_Port_Name information capable of distinctly identifying a host computer has been set in a microprocessor 42 of a storage controller 40 prior to startup of host computers 10, 20, 30. Upon startup of the host computers 10, 20, 30, when the storage controller 40 receives an issued frame, the microprocessor 42 performs a comparison to determine whether the N_Port_Name information stored in the frame has already been set in the microprocessor 42 and registered in the N_Port_Name list within a maintained control table. When the comparison results in a match, processing based on the frame instruction continues; if the comparison fails to match, any request is rejected.
Description

BACKGROUND OF THE INVENTION

The present invention relates to storage control apparatus with ANSI X3T11-standardized fiber channels as an interface with its upper-level or "host" computers, and more particularly to a storage controller device which is employable in a computer system including a host computer and a storage control device plus a storage unit operable under control of the storage controller, and which is for elimination of unauthorized access attempts upon issuance of a request to access the storage unit as sent from the host computer to the storage controller.

Conventionally, with regard to elimination or deterrence of unauthorized or illicit access attempts over networks, a variety of approaches have been known and proposed to date.

One typical prior known approach to deterring unauthorized access has been disclosed in Published Unexamined Japanese Patent Application (PUJPA) No. 3-152652, wherein a network security system between computer systems supporting the TCP/IP protocol includes a memory device for storage of predefined identification (ID) information of those users who are authorized to log in to the network. The security system has a function of interrupting or disabling any connection to the network whenever an unauthorized person attempts to log in to the network for invasion or "hacking" purposes.

Another approach has been disclosed in PUJPA No. 63-253450, wherein the disclosed central processing device comes with an operating system that is designed to monitor or "pilot" entry of user ID, password and online address data, thereby deterring any unauthorized access to resource files on disk drive units.

Still another approach is based on the "ESCON" interface architecture available from IBM Corp., which is designed so that, utilizing the fact that a host computer stores its own logical address as the source address of the host computer in a frame and transmits the frame to a storage controller device, the storage controller has a function of checking whether the incoming logical address in such a frame matches a logical address that has been preset in the storage controller.

None of the prior art approaches described above is more than a mere unauthorized-access elimination means inherently directed to interfaces with a single type of layer mounted on a host logical layer.

However, the ANSI X3T11-standardized fiber channel is a "network type" architecture, which is capable of providing the host logical layer with various built-in layers mountable thereon, such as for example TCP/IP, SCSI, ESCON, IPI and the like. More specifically, since the buffer contents are moved from one device to another in a way independent of the data format and contents, it may offer logical compatibility with other interface configurations and therefore remains physically accessible without suffering from any particular limitations. Especially, in a storage system including this fiber channel and a storage device with a plurality of storage regions such as a disk array device or "subsystem," the storage regions are usable in common by an increased number of host computers. Accordingly, the prior art unauthorized access determent schemes remain insufficient in performance and reliability. A need thus exists for achievement of secrecy protection based on users' intentional security setup.

SUMMARY OF THE INVENTION

An object of the present invention is to provide a fiber channel connection storage control device adapted for use in a computer system which employs an ANSI X3T11-standardized fiber channel as an interface between one or more host computers and a storage control device, and which includes host computers and a storage control device plus more than one storage device operable under control of the storage control device, wherein the fiber channel connection storage control device has a security function of, in an environment capable of physically receiving any access from the host computers, eliminating or deterring unauthorized access attempts from the host computers to the storage control device, which previously did not have any means for rejecting unauthorized access from host computers.

Another object of the present invention is to provide a fiber channel connection storage control device having a scheme capable of readily managing an accessible host computer or computers for elimination or determent of any unauthorized access from such host computers.

According to the present invention, the foregoing objects may be attained in such a way that N_Port_Name information of an accessible host computer or computers, which information distinctly identifies each host computer on a one-by-one basis, is set in the storage control device for comparison with the N_Port_Name information as stored in a frame to be sent from a host computer, to thereby determine whether a presently desired access attempt is permissible or not.

One practical feature of the present invention in order to attain the prescribed objects is to have a means for inputting, by use of a panel or the like, the N_Port_Name information that is the information being issued from a host computer for distinct identification of the host computer, and then for storing such input information in a control memory of the storage control device as a control table. In this case, it will be desirable that the storage control device has a means for permanently storing therein the information until it is reset or updated.

And, by arranging the control table to be stored in a non-volatile control memory, it becomes possible to protect the management information even upon occurrence of any possible power supply failure or interruption.

In accordance with another practical feature of the present invention, after start-up of the host computer, the host computer generates and issues to the storage control device a frame that stores therein N_Port_Name information; the storage control device has means for comparing, when the storage control device receives this information, the maintained N_Port_Name information for distinct identification of the host computer to the N_Port_Name information as stored in the received frame. If the comparison results in a match between the two, then the storage control device continues to execute the processing based on an instruction of the frame received; alternatively, if the comparison fails to match, then it returns to the host computer an LS_RJT frame which rejects the presently received frame. It is thus possible for the storage control device to inhibit or deter any unauthorized access from the host computer.

A further practical feature of the present invention lies in the presence of a means for setting N_Port_Name information items which are greater in number than or equal to the physical number of host interface units (ports) owned by the storage control device. More specifically, a means is specifically provided for setting a plurality of N_Port_Name information items per port. This makes it possible to accommodate a multi-logical path configuration upon either a fiber channel fabric or a multi-logical path configuration upon switch connections.

Further, in a system having many magnetic disk volume parts such as a disk array device and also having a plurality of channel path routes, the system has manager means for performing management, within the storage control device in a one-to-one correspondence relation per channel path route, of storage regions under control of the storage control device, including a logical unit number (LUN)-based logical disk extent, a physical volume extent, a RAID group-based logical disk extent and the like, versus ports of the storage control device and N_Port_Name information of a host computer(s). This may enable users to deter an unauthorized access attempt per storage region, which in turn leads to achievement of more precise access management.

Furthermore, in the present invention, even where the storage device under control of the storage control device is any one of an optical disk drive, magneto-optical (MO) disk drive and magnetic tape device, as well as a variety of types of library devices of them, the storage control device has means for performing table-based management, and the storage information of a control table-based manager/holder means for dealing with the correspondence among the N_Port_Name information of an accessible host computer, ports of the storage control device, and the storage device, and further handling the correspondence management of media in the case of library apparatus, while simultaneously having a means for comparing, upon receipt of a frame as sent thereto, the information within the frame to the information in the control table, thereby eliminating unauthorized access attempts from host computers.

Moreover, the present invention comprises means for protecting the management information through input of a password upon setup of the information under management of the storage control device using a panel or the like. With such an arrangement, it is possible for users to eliminate any fraudulent registration of the information and also unauthorized resetting of the same. In addition, the users are capable of readily deterring any unauthorized access by merely setting such management information, thus reducing workloads on the users.

It should be noted that in the present invention, the means for setting the information as managed by the storage control device may be designed so that the use of the panel or the like is replaced with use of a utility program or programs of host computers to attain the intended setup operation.

In accordance with the present invention, in a computer system employing the ANSI X3T11-standardized fiber channel as the interface between host computers and a storage control device and also including the host computers, the storage control device and more than one storage device under control of the storage control device, it is possible to deter unauthorized access from any one of the host computers, which in turn makes it possible to attain the intended data secrecy protection within the storage device.

In addition, it becomes possible to precisely manage those access attempts from any one of the host computers in a one-to-one correspondence manner among the host computers and storage controller ports as well as storage regions; accordingly, the storage device may be efficiently utilized to meet the needs upon alteration of the usage per storage region.

These and other objects, features and advantages of the invention will be apparent from the following more particular description of preferred embodiments of the invention, as illustrated in the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1 is a diagram showing a hardware configuration of a first practicing form of the present invention.

Fig. 2 is a diagram showing a format of a frame in the first practicing form.

Fig. 3 is a diagram showing a format of a frame header which constitutes the frame shown in Fig. 2.

Fig. 4(A) is a format diagram of a payload of FCP_CMND, which is one of the frames shown in Fig. 2; and Fig. 4(B) is a format diagram of FCP_CDB constituting the payload.

Fig. 5 shows one example of a sequence performing delivery of a data frame between a host computer and a device in the first practicing form, wherein Fig. 5(A) shows a sequence upon attempting log-in, Fig. 5(B) is a sequence diagram upon execution of a read command, and Fig. 5(C) is a sequence diagram upon receipt of a write command.

Fig. 6 is a diagram showing a control table used by a storage controller in controlling a host computer or computers in the first practicing form.

Fig. 7 shows a flow chart of frame processing as executed by the storage controller upon issuance of a log-in request from an upper-level computer (host) in the first practicing form.

Fig. 8 is a diagram showing a control table used by the storage controller for management of storage regions in the first practicing form.

Fig. 9 shows a flow chart of frame processing as executed by the storage controller upon issuance of an I/O request from the host in the first practicing form.

Fig. 10 is a diagram showing a hardware configuration in the case where the storage device under control of the storage controller is an optical disk library, as a second practicing form of the present invention.

Fig. 11 is a diagram showing a control table as managed by the storage controller in the second practicing form shown in Fig. 10.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

An explanation will first be given of a fiber channel and a storage system structured using the channel in accordance with the present invention, with reference to Figs. 1 to 5.

Fig. 1 is a diagram showing a hardware configuration of the storage system in the case where the storage device operable under control of a storage controller unit is a disk array module or "subsystem." In Fig. 1, reference numerals 10, 20, 30 designate host computers, each of which may be a central processing unit for executing the data processing required.

Numeral 40 designates a storage controller unit of the disk array subsystem in which the principles of the present invention are implemented. As shown in Fig. 1, the storage controller 40 is constituted from a fiber channel control unit 41, which may be a protocol processor including a direct memory access (DMA) for controlling data transmission between it and the host computers 10, 20, 30; a microprocessor 42 for controlling all possible operations of the storage controller; a control memory 43 for storing therein microprograms for control of the operation of the controller along with control data associated therewith; a cache control unit 44 for controlling writing and reading of data to and from the cache; a disk cache 45 for temporarily buffering write data and read data to/from a disk drive(s); a device interface control unit 46, which may be a protocol processor including DMA for controlling data transfer between it and its associated disk drives; and a panel 47 for use in inputting device configuration information to the storage controller.

Numeral 50 is the disk array subsystem operable under control of the storage controller 40. The disk array subsystem 50 is a device that stores therein data of host computers, which may be arranged to include therein a plurality of individual separate disks disposed to have certain redundancy.

The disks constituting the disk array subsystem 50 are logically divided into portions or "partitions" which may be set at specified RAID levels different from one another. The partitions are called the RAID group. This RAID group is further logically subdivided into regions that may be SCSI access units called the logical units (LUs), each of which has its unique logical unit number (LUN) attached thereto. In this embodiment, the disk array subsystem 50 illustrated herein comes with two LUs: an LU0 (51) that is the LU indicated by the number LUN0, and LU1 (52) with the number LUN1.

It is noted that the number of LUs should not be exclusively limited to the two (2) as shown in Fig. 1 and may be increased further; in the case of single target functions, the LUs may be increased up to a maximum of eight (8) per target.

It is also noted that while in this embodiment the storage regions called the LUs are used as the access units, such storage regions each acting as the access unit may alternatively be those storage regions with a physical volume as the unit or with a RAID group as the unit.

The host computers 10, 20, 30 and the storage controller 40 employ a fiber channel 60 as the interface, and are connected together via a device known as the "fabric."

An operation of the system shown in Fig. 1 will be explained under the assumption that the operation is performed in one exemplary case where the host computer 10 performs data transfer toward the disk array subsystem 50 by way of the storage controller 40. The following description will mainly deal with the flow of control and the data flow.

When the host computer 10 generates and issues an access request, the fiber channel control unit 41 recognizes such request, then issuing a task interruption request to the microprocessor 42. In turn, the microprocessor 42 causes the control memory 43 to store therein both the command information from the host computer and the necessary control information required in this invention.

If the command information is a write command, then the microprocessor 42 instructs the fiber channel control unit 41 to execute data transfer and then stores the transferred data in the cache 45 via the cache controller 44. With respect to the host computer 10, the fiber channel control unit 41 issues a write completion report thereto. After completion of such write completion reporting, the microprocessor 42 controls the device interface controller 46, thus permitting data and redundancy data to be written into the disk array subsystem 50. In this case, during ordinary or standard RAID 5 operations, a new parity is created based on the old data and old parity as well as the new data; according to the control scheme of this invention, on the other hand, the microprocessor 42 does the same using the device interface controller 46 and the cache control unit 44 as well as the control memory 43 plus the cache 45.

On the other hand, upon receipt of read command information as the command information from the host computer 10, the microprocessor 42 sends an instruction to the device interface control unit 46 to access the disk array subsystem 50, which stores therein the data block of this access request, and to read data therefrom; this data will then be stored into the cache 45 through the cache control unit 44. The microprocessor 42 issues an instruction to the fiber channel control unit 41; the fiber channel control unit 41 in turn transfers the data stored in the cache 45 toward the host computer 10 and then sends a read completion report to the host computer after completion of the required data transfer.

Next, a technical advantage of the fiber channel 60 will be explained. The fiber channel may be a high-speed interface capable of transferring data at 100 MB/s over a distance of 10 km at maximum. The fiber channel's architecture is designed to send data from a "source" buffer to its "destination" buffer while moving the buffer contents from one device to another in a way independent of the format and contents of the data per se; accordingly, any overhead for processing different network communication protocols no longer takes place, thus enabling achievement of high-speed data transmission. A variety of kinds of layers may be built in the upper-level logical layer, such as for example TCP/IP, SCSI, ESCON, IPI and the like. In other words, it does have logical compatibility with other interfaces. The device called the fabric is expected to execute the complicated device-to-device connection/exchange function, which leads to the capability of organizing a multi-layered logical bus configuration.

The basic unit based on which the fiber channel exchanges or distributes data is called the "frame." Next, this frame will be explained with reference to Fig. 2.

As shown in Fig. 2, a frame 70 is configured from a start-of-frame (SOF) section 71, frame header 72, data field 73, cyclic redundancy check (CRC) 74, and end-of-frame (EOF) 75.

The SOF 71 is an identifier of 4 bytes which is put at the top of the frame.

The EOF 75 is a 4-byte identifier at the last location of the frame; the combination of SOF 71 and EOF 75 indicates the boundary of the frame. In the fiber channel, an "idle" signal or signals flow therein in cases where any frames are absent.

The frame header 72 contains therein a frame type, host protocol type, source and destination N_Port_ID information, N_Port_Name information and the like. The N_Port_ID is information indicative of an address, whereas N_Port_Name represents a port identifier.

The header of the upper-level layer may be put at the top part of the data field 73. This is followed by a payload section which carries the data per se. CRC 74 is a 4-byte check code for use in checking or verifying the frame header and the data in the data field.

The frame header 72 has a format 80 as shown in Fig. 3. In the frame header format 80, a destination identifier (D_ID) 81 is an address identifier on the frame reception side, whilst a source identifier (S_ID) 82 is an identifier indicative of the N_Port address on the frame transfer side, each of which may involve N_Port_ID, N_Port_Name information, etc.

An explanation will next be given of a payload 90 of the fiber channel protocol command FCP_CMND, which stands for fiber channel protocol for SCSI command and which is one of the payloads of the data field 73 constituting the frame, in conjunction with Figs. 4(A) and 4(B).

A logical unit number (LUN) for issuance of a command is assigned to an FCP logical unit number (FCP_LUN) field 91. A command control parameter is assigned to an FCP control (FCP_CNTL) field 92. And an SCSI command descriptor block is stored in an FCP command descriptor block (FCP_CDB) field 93 for indication of a command type such as a read command "Read" or the like, an address such as LUN, and a block number. The amount of data to be transferred in response to the command is designated by byte number in an FCP data length (FCP_DL) field 94.

Data exchange/distribution operations are executed by use of the frame thus arranged as described above. Frames employed herein may be generally classified based on function into a data frame and a link control frame. The data frame is for use in transferring information, and thus has the data and commands as used by the host protocol, which are built in the payload section of the data field thereof.

On the other hand, the link control frame is typically used for indication of a success or failure of frame distribution. There may be a frame or the like for use in indicating actual receipt of a single frame or in notifying a parameter concerning transmission in log-in events.

Next, the "sequence" will be explained with reference to Fig. 5. The sequence in the fiber channel may refer to a collection of data frames concerned which will be unidirectionally transferred from one N_Port to another N_Port, the sequence corresponding to the phase in SCSI. A collection of such sequences is called the "exchange." One example is that a collection or group of certain sequences will be called the exchange, which sequences undergo exchange/distribution processing for execution of a command within a time period spanning from the issuance of such command to the completion of command execution (including command issuance, data transmission, and completion reporting). As apparent from the foregoing description, the "exchange" may be equivalent to I/O of SCSI.

Figs. 5(A), 5(B) and 5(C) show a log-in sequence (100), read command sequence (110), and write command sequence (120), respectively.

In the fiber channel interface, the intended communication becomes available in a particular event in which the host computer sends the device a port log-in (N_Port Login) frame containing a communication parameter, and then the device actually receives this frame. This will be called the "log-in." Fig. 5(A) shows such a log-in sequence (100).

In the log-in sequence (100) shown in Fig. 5(A), the host computer first sends a PLOGI frame to the device at a sequence 101, thereby to request a log-in attempt. The device in turn sends an acknowledge (ACK) frame to the host computer, thereby informing it of actual receipt of the PLOGI frame.

Then, at a sequence 102, the device operates to send the host computer either an accept (ACC) frame if the log-in request is accepted or a link service reject (LS_RJT) frame if the request is to be rejected.

Next, the read command sequence (110) of Fig. 5(B) will be explained.

In a sequence 111, the host computer sends the FCP_CMND frame to the device to request execution of a read operation. The device then sends back the ACK frame to the host computer.

At sequence 102, the device sends the host computer an FCP transfer ready (FCP_XFER_RDY) frame, thereby notifying it of completion of preparation for data transmission. The host computer then sends the ACK frame to the device.

The routine goes next to sequence 113, which permits the device to send the host computer an FC data (FC_DATA) frame and then transfer data thereto. The host computer sends back an ACK frame to the device.

At the next sequence 114, the device sends the FCP_RSP frame to the host computer to thereby inform it of successful completion of the required data transmission. The host computer then sends back an ACK frame to the device.

An explanation will next be given of the write command sequence (120) of Fig. 5(C).

At sequence 121, the host computer sends the device an FCP_CMND frame to issue a write request. In turn, the device sends an ACK frame to the host computer.

Then at sequence 122, the device sends an FCP_XFER_RDY frame to the host computer in order to inform it that data writing is available. The host computer sends an ACK frame to the device.

Further, in sequence 123, the host computer sends an FCP_DATA frame to the device for execution of data transfer. The device then sends an ACK frame to the host computer.

Lastly, at sequence 123, the device sends the host computer an FCP response (FCP_RSP) frame, thereby notifying it of successful completion of the data reception concerned. The host computer then sends an ACK frame to the device.

While the general system configuration and format plus sequences have been explained in conjunction with Figs. 1 to 5(C), a security check scheme incorporating the principles of the present invention will be explained below.

A security check scheme will first be explained which employs the N_Port_Name information during PLOGI processing.

In accordance with the invention, a first operation to be done in Fig. 1 is that the user sets or establishes, in the microprocessor 42 of the storage controller 40, a list of one or several host computers that may have access, prior to start-up of the host computers 10, 20, 30. More specifically, the N_Port_Name and N_Port_ID information capable of identifying such host computer(s) may be input using the panel 47. When this is done, in order to attain the secrecy protection function upon inputting to the panel, entry of a password should be required upon inputting of the information, to thereby enhance the security.

After input of the password, if such input password matches a preset password, then the N_Port_Name information of one or more accessible host computers is input with respect to each port of the storage controller, to thereby store the input information in the control table.

Now, assume for example that the host computers 10, 20 are capable of getting access to the disk array subsystem 50 whereas the host computer 30 is incapable of accessing the disk array subsystem 50. Assume also that the N_Port_Name is such that the host computer 10 is HOSTA, host computer 20 is HOSTB, and host computer 30 is HOSTC. Suppose that the port of the fiber channel control unit 41 of the storage controller 40 is CTL0P0. If this is the case, the resulting log-in request control table 130 is as shown in Fig. 6.

By establishing this log-in request control table 130 shown in Fig. 6 in a nonvolatile memory, it becomes possible to protect the management information against any possible power interruption or failure.

In addition, the information stored in the log-in request control table 130 is saved in the hard disk region 50 upon occurrence of power off. Or alternatively, upon updating of the information, it is reflected to the memory 43 and the disk 50. This may enable the storage controller 40 to permanently hold or store therein the information until it is subject to resetting or re-establishment.

It should be noted that while the "self" node information for use in identifying nodes and/or ports in the fiber channel may also involve N_Port_ID other than the N_Port_Name, it is desirable that the N_Port_Name information be used as the object to be checked for security. This is because the N_Port_ID will possibly be altered or modified and is not a numerical value under management by the users.

Next, an explanation will be given of a frame processing procedure of the storage controller in reply to issuance of a log-in request from a host computer, with reference to Figs. 1 and 7.

(Step S71)

The host computers 10, 20, 30 start up, each issuing a PLOGI frame, which is the log-in request frame storing therein the N_Port_Name information. Upon receipt of such frame, the microprocessor 42 of the storage controller 40 sends back to each host computer an ACK frame representative of actual receipt of the frame.

(Step S72)

And, the microprocessor 42 attempts to extract the N_Port_Name information as stored in the frame, and then performs a comparison to determine whether such N_Port_Name information has already been registered in the N_Port_Name list within the presently available preset control table.

(Step S73), (Step S74), (Step S75)

The N_Port_Name information that is presently stored in the frames issued from the host computers 10, 20 matches the N_Port_Name information which has been registered within the control table, so that the microprocessor 42 of the storage controller 40 returns the ACC frame to the host computers 10, 20 as a mark of actual receipt of the individual log-in request while simultaneously continuing to execute the log-in processing.

(Step S73), (Step S76)

On the other hand, the N_Port_Name information stored in the frame as issued from the remaining host computer 30 fails to match the N_Port_Name information registered in the control table, so that the microprocessor 42 of the storage controller 40 returns to the host computer 30 an LS_RJT frame which contains therein a reject parameter for rejection of its connection attempt.

In the way described above, by causing the storage controller 40 to manage the one-to-one correspondence of those ports of the host computers and the storage controller using the log-in request control table 130, it is possible for users to prevent any unauthorized access attempts from host computers on a port-by-port basis, thereby maintaining enhanced security.

Next one preferred methodology will be described which is for practicing the security check scheme using the N_Port_Name information per LUN, that is, the storage region of the disk array subsystem, in accordance with the principles of the present invention. 

In accordance with the invention, first establish a list of those accessible host computers per LUN in the microprocessor 42 of the storage controller 40 before startup of the host computers 10, 20, 30. Then, input using the panel 47 certain information such as the N_Port_Name or N_Port_ID information or the like capable of identifying the host computers. When this is done, request entry of a password upon inputting of such information in order to achieve the secrecy protection function through input to the panel 47, thereby enhancing the security. 

After inputting such password, if this matches the preset password, then input the port of the storage controller along with the N_Port_Name information of one or several accessible host computers, thereby storing the input information in the control table. 

Assume here that the LU0 (51) is accessible from the host computer 10 via a port of the fiber channel control unit 41 of the storage controller 40 whereas the LU1 (52) is accessible from the host computer 20 via a port of the fiber channel control unit 41 of the storage controller 40. Suppose that regarding the N_Port_Name, the host computer 10 is HOSTA while the host computer 20 is HOSTB. Imagine that a port of the fiber channel control unit 41 of the storage controller 40 is CTL0P0. If this is the case, an I/O request control table 140 is as shown in Fig. 8. 

This I/O request control table 140 shown in Fig. 8 is established in the storage space of a nonvolatile memory, thereby making it possible to protect the management information against loss or destruction due to any accidental power interruption or failure. 

In addition, upon occurrence of power off, the information stored in the I/O request control table 140 shown in Fig. 8 is to be stored in the hard disk region 50. Or alternatively, reflection is carried out to the memory 43 and the disk 50 upon updating of information. This makes it possible to permanently hold or maintain the information until it is reestablished at later stages. 

Although in this embodiment the channel path route is single, the same goes with other systems having a plurality of channel path routes. 

A frame processing procedure of the storage controller in response to issuance of the I/O request from more than one host computer will now be explained in conjunction with Figs. 1 and 9. While in the prior example stated supra the security check was done in the course of PLOGI, the check is performed per SCSI command in this embodiment. 

(Step S91) 

Where the host computer 10 desires to issue the I/O request to LU0 (51), the host computer 10 generates and issues a specific frame storing therein the SCSI CDB toward the storage controller 40. Upon receipt of this frame, the storage controller 40 first sends back the ACK frame representative of actual receipt of this frame. 

(Step S92) 

And, the microprocessor 42 extracts the N_Port_Name information stored in the frame along with the LUN number within the CDB, and then performs comparison to determine whether such N_Port_Name information and LUN number are registered in the list within the control table which has been preset and is maintained presently. 

(Step S93), (Step S94), (Step S95) 

Since the content "the host computer 10 can access LU0 (51)" has been registered in the management table, the microprocessor 42 of the storage controller 40 receives the command and continues execution of I/O processing. 

(Step S91) 

On the other hand, where the host computer 20 issues an I/O request frame for LU0 (51), when the storage controller 40 does receive this frame storing therein the SCSI CDB, the microprocessor 42 first returns to the host computer 20 the ACK frame indicative of actual receipt of this frame. 

(Step S92) 

And, the microprocessor 42 operates to extract both the N_Port_Name information stored in the frame and the LUN number within the CDB, and then executes search processing to thereby determine whether such N_Port_Name information and LUN number are present in the management table. 

(Step S93), (Step S96) 

Suppose that the search reveals the absence of any combination of the corresponding LUN and N_Port_Name in the management table. If this is the case, the microprocessor 42 of the storage controller 40 sends an LS_RJT frame to the host computer 20 for rejection of its I/O request. 

In this way, the storage controller may prevent any unauthorized access attempts. 
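The two checks described above, the PLOGI check of steps S71 to S76 against the log-in request control table 130 and the per-command check of steps S91 to S96 against the I/O request control table 140, as an added Python model. This is illustrative code written for this page, not the patent's microprogram; the table rows, the Frame layout, the unregistered name HOSTC and the ACCEPT marker for a passed I/O check are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed log-in request control table 130: per controller port, the
# N_Port_Name values registered (via the panel 47) before the hosts start.
LOGIN_TABLE = {
    "CTL0P0": {"HOSTA", "HOSTB"},
}

# Constructed I/O request control table 140 (Fig. 8 in the text): rows of
# (controller port, N_Port_Name) -> the LUNs that host computer may access.
IO_TABLE = {
    ("CTL0P0", "HOSTA"): {0},   # host computer 10 may access LU0 (51)
    ("CTL0P0", "HOSTB"): {1},   # host computer 20 may access LU1 (52)
}


@dataclass(frozen=True)
class Frame:
    """Minimal constructed model of a received fibre channel frame."""
    kind: str                  # "PLOGI" (log-in request) or "SCSI" (I/O request)
    n_port_name: str           # N_Port_Name of the issuing host computer
    lun: Optional[int] = None  # LUN taken from the SCSI CDB; None for PLOGI


def check_login(port: str, frame: Frame) -> str:
    """Steps S72-S76: look the frame's N_Port_Name up in table 130 for this port.
    Returns "ACC" (log-in continues) or "LS_RJT" (connection attempt rejected)."""
    if frame.n_port_name in LOGIN_TABLE.get(port, set()):
        return "ACC"
    return "LS_RJT"


def check_io(port: str, frame: Frame) -> str:
    """Steps S92-S96: the (port, N_Port_Name, LUN) combination must be present
    in table 140; anything else, including a frame without a LUN, is rejected."""
    if frame.lun is None:
        return "LS_RJT"
    allowed = IO_TABLE.get((port, frame.n_port_name), set())
    return "ACCEPT" if frame.lun in allowed else "LS_RJT"


def process_frame(port: str, frame: Frame) -> List[str]:
    """Controller reply sequence: ACK for receipt (S71/S91), then the result of
    the security check for the frame kind. Unknown frame kinds are rejected."""
    replies = ["ACK"]
    if frame.kind == "PLOGI":
        replies.append(check_login(port, frame))
    elif frame.kind == "SCSI":
        replies.append(check_io(port, frame))
    else:
        replies.append("LS_RJT")
    return replies


if __name__ == "__main__":
    # Host computers 10 (HOSTA), 20 (HOSTB) and an unregistered host 30 (HOSTC).
    for f in (Frame("PLOGI", "HOSTA"), Frame("PLOGI", "HOSTB"),
              Frame("PLOGI", "HOSTC"), Frame("SCSI", "HOSTA", lun=0),
              Frame("SCSI", "HOSTB", lun=0)):
        print(f, "->", process_frame("CTL0P0", f))
```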

Although the explanation herein was devoted to the log-in and I/O request frames, any other information may be employed for comparison, including but not limited to the N_Port_Name information as stored in any one of the other host computer frames. 

It must be noted that the storage device under control of the fiber channel connection storage controller should not exclusively be limited to the disk array subsystem stated supra, and the principles of the present invention may alternatively be applicable to any systems employing an optical disk drive, magneto-optical disk drive and magnetic tape storage as well as library apparatus including one or several of them in combination. 

A summary of the case where the present invention is applied to a system including its storage device under control of the storage controller which is configured from an optical disk device or "subsystem" will be explained with reference to Fig. 10. Reference numeral 150 designates such an optical disk library subsystem under control of the storage controller 40; numeral 151 indicates an optical disk drive; 152 to 156, optical disk media. 

The user is expected, before startup of the host computers 10, 20, 30, to make use of the panel to establish a correspondence relation among the individual medium and drive as well as port relative to the N_Port_Name information, while maintaining in a microprogram the right or authorization of accessibility of host computers. 

Assume that those media 152, 153, 154 are accessible from the host computer 10 whereas media D155, E156 are accessible from the host computer 20. Suppose that the N_Port_Name information of the host computer 10 is HOSTA and that of the host computer 20 is HOSTB. Suppose also that the port of the storage controller 40 is CTL0P0, that of the optical disk drive A151 is DRIVE0, and those of the respective media A152, B153, C154, D155 and E156 are MEDA, MEDB, MEDC, MEDD and MEDE. In this case, a request control table 160 is as shown in Fig. 11. 

When the respective host computers generate and issue I/O request frames, volume information must be stored in the CDB in the payload constituting each frame; accordingly, the storage controller 40 is responsive to receipt of the frame for comparing both the N_Port_Name information within the frame and a medium identifier within the payload to the corresponding items as presently stored in the control table which has been preset and held in the storage controller 40. In this way, applying the principles of the invention may enable the storage controller to eliminate any possible unauthorized access attempts from the host computers. 

Claims 

1. In a computer system including a host computer, a storage device having a magnetic disk drive, and a fiber channel connection storage controller employing an ANSI X3T11-standardized fiber channel as an interface between the host computer and the storage device, the magnetic disk drive being operable under control of the fiber connection storage controller, the fiber channel connection storage controller comprising: 

N_Port_Name information which is information issued from the host computer for distinctly identifying the host computer is preinstalled in the storage control device prior to start-up of the host computer; the storage control device has means for permanently storing therein the information until this information is reset; after startup of the host computer, the host computer generates and issues to the storage control device a frame storing therein N_Port_Name information; the storage control device has means for comparing, upon receipt of this information, the N_Port_Name information distinctly identifying the host computer as already set and stored therein to the N_Port_Name information presently stored in a received frame; and, a fiber channel connection storage control device has means for eliminating unauthorized access from the host computer in a way such that when the comparison results in match, processing based on an instruction of the frame is continued, and when failed to match, a link service reject (LS_RJT) frame for rejection of the received frame is returned to the host computer. 

2. In a computer system including a host computer, a storage device having a magnetic disk drive, and a fiber channel connection storage controller employing an ANSI X3T11-standardized fiber channel as an interface between the host computer and the storage device, the magnetic disk drive being operable under control of the fiber connection storage controller, the fiber channel connection storage controller comprising: 

N_Port_Name information which is information as issued from the host computer to distinctly identify the host computer is preinstalled in the storage control device prior to startup of the host computer; the storage control device has means for permanently storing therein the information until this information will be reset; after startup of the host computer, the host computer generates and issues to the storage control device a frame storing therein N_Port_Name information; the storage control device has means for comparing, upon receipt of this information, the N_Port_Name information distinctly identifying the host computer as already set and stored therein to the N_Port_Name information presently stored in a received frame; a fiber channel connection storage control device has means for eliminating unauthorized access from the host computer in a way such that when the comparison results in match, processing based on an instruction of the frame is continued, and when failed to match, a link service reject (LS_RJT) frame for rejection of the received frame is returned to the host computer; and, the fiber channel connection storage control device also has means for setting N_Port_Name information items greater in number than or equal to the physical number of host interfaces (ports) as owned by the storage control device, that is, means for setting a plurality of N_Port_Name information items per port, and means for deterring unauthorized access from the host computer even for a multi-logical path configuration upon a fiber channel Fabric connection. 

3. In a computer system including a host computer, a storage device having a magnetic disk drive, and a fiber channel connection storage controller employing an ANSI X3T11-standardized fiber channel as an interface between the host computer and the storage device, the magnetic disk drive being operable under control of the fiber connection storage controller, the fiber channel connection storage controller comprising: 

N_Port_Name information which is information as issued from the host computer to distinctly identify the host computer is preinstalled in the storage control device prior to startup of the host computer; the storage control device has means for permanently storing therein the information until this information will be reset; after startup of the host computer, the host computer generates and issues to the storage control device a frame storing therein N_Port_Name information; the storage control device has means for comparing, upon receipt of this information, the N_Port_Name information distinctly identifying the host computer as already set and stored therein to the N_Port_Name information presently stored in a received frame; a fiber channel connection storage control device has means for eliminating unauthorized access from the host computer in a way such that when the comparison results in match, processing based on an instruction of the frame is continued, and when failed to match, a link service reject (LS_RJT) frame for rejection of the received frame is returned to the host computer; and, the fiber channel connection storage control device also has means for setting N_Port_Name information items greater in number than or equal to the physical number of host interfaces (ports) as owned by the storage control device, that is, means for setting a plurality of N_Port_Name information items per port, and means for deterring unauthorized access from the host computer even for a multi-logical path configuration upon a fiber channel Fabric connection; and 

further characterized in that in a system having many magnetic disk volumes as in a disk array device under control of the storage control device and also having a plurality of channel path routes, the fiber channel connection storage control device has means for performing management, in a one-to-one correspondence relationship, of storage regions including a logical unit number (LUN)-based logical disk extent, a RAID group-based logical disk extent, a physical volume extent and the like, ports of the storage control device, and the N_Port_Name information of an accessible host computer, and further having means for deterring unauthorized access with respect to each storage region. 

4. The fiber channel connection storage control device according to claim 2, characterized in that the storage control device has means for performing table-based management and storage of the information of the correspondence among the N_Port_Name information in a way such that where the storage device under control of the storage control device is any one of an optical disk drive, magneto-optical disk drive and magnetic tape device as well as library apparatus of them, said means deals with an accessible host computer, a port or ports of the storage control device and the storage device in a mutual correspondence manner and further executes correspondence management of media in the case of library apparatus; and also has means for deterring unauthorized access from the host computer. 

5. The fiber channel connection storage control device according to claim 1, characterized in that the information to be managed by the storage control device for prevention of unauthorized access from the host computer is settable using a panel. 

6. The fiber channel connection storage control device according to claim 1, characterized in that the information to be managed by the storage control device for prevention of unauthorized access from the host computer is settable using a panel, and further comprising a protection scheme for use when setting the information. 

7. The fiber channel connection storage control device according to claim 1, characterized in that the information to be managed by the storage control device for prevention of unauthorized access from the host computer is settable using a utility program of the host computer. 

8. The fiber channel connection storage control device according to claim 1, characterized in that the information to be managed by the storage control device for prevention of unauthorized access from the host computer is settable using a utility program of the host computer, and further comprising an input protection scheme for use upon setup of the information. 

9. In a computer system with a channel of the network architecture type for use as an interface between a plurality of host computers and a storage control device, said system comprising more than one host computer and a storage control device as well as more than one storage device under control of the storage control device, characterized in that 

host computer identification information capable of distinctly identifying the host computer is prestored in the storage control device prior to startup of the plurality of host computers, and that a channel connection storage control device is operable, upon startup of the host computer to generate and issue a frame storing therein host computer identification information and upon receipt of the frame, to perform comparison in determining whether the host computer identification information stored in the frame is already established in said storage control device, to permit, when the comparison results in match, execution of processing based on the frame to continue, and to reject any request when the comparison results in failure of match. 